Ransomware is now considered a fact of life in today’s cyber security landscape, but that doesn’t mean SMBs are protecting themselves from a potential ransomware attack or even know it’s a possibility. Often, users only recognise a ransomware threat after it’s too late. In February 2018, according to Osterman Research and Barracuda there was one phishing attempt in every 3,331 emails and one piece of malware for every 645 emails. And falling for one of these emails can be costly.
According to the Ponemon Institute, the average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053 in the past 12 months, and the average cost due to disruption of normal operations increased from $955,429 to $1,207,965.
SMBs need to start protecting themselves from the growing threat of ransomware. Becoming educated about the threat of ransomware and learning these important tips is an important first step.
1. Put Technical Safeguards in Place
As a best practice, have an intrusion-prevention system and security software running on your computers. This should include antivirus software, firewalls, and spam filters. Then, make sure all security patches are up to date, and deploy new patches on a regular basis.
It’s also critical to have a backup solution in place and frequently test the backups running on your systems to make sure they’re working properly. If you’re hit with ransomware, you’ll want to restore operations as quickly as possible, and having a recent backup to recover from will save you both time and money.
2. Ransomware Training
Even with technical safeguards in place, it’s employees who are ultimately at risk of exposing a business to ransomware. User error, such as clicking on an infected online advertisement, pop-up window, or attachment in a spam email, is often to blame for inviting ransomware into a computer. Therefore, educating your employees and system users are the most important line of defense.
Talk with your employees about ransomware, educating them on what it is and how they can help defend the business. Try getting the whole staff together for a training session and bring lunch to make it a Lunch-and-Learn event.
As a best practice, you should require all new employees to complete the training and offer it on an ongoing basis to avoid information being missed. If you don’t have the resources to put this type of training together, talk to your IT service provider. They should be able to run a program like this for you or provide other educational materials.
3. Provide Examples to End Users
The most effective way to educate your employees on ransomware is to show them examples of what it looks like, so they’ll know the warning signs and be able to identify a suspicious message or attachment before they click on anything. For example, you can share with them a Phishing Quiz, which includes examples of infected and legitimate emails and provides explanations of how to tell the difference.
Once ransomware has infected a computer, a message is displayed on the screen letting the user know their machine has been compromised.
It’s helpful to share this type of information with employees as well so that, even if it’s too late, they’ll know to alert management and ask for help.
How Lanrex Can Help
Lanrex connects businesses with the right technology to ensure they can safely navigate the changing landscape. Lanrex’s three cyber security packages provide all the basic protection plus the option to choose additional security features that give them the right fit for their cyber security needs.
Contact us to explore Lanrex’s cyber security solutions today.